S2-043

Summary

Using the Config Browser plugin in production

Who should read this

All Struts 2 developers and users

Impact of vulnerability

Usage of the Config Browser plugin in a production environment

Maximum security rating

Low

Recommendation

Please read the Security guideline

Affected Software

Any Struts 2 version

Reporter

Yelin from Venustech Inc.

CVE Identifier

 

Problem

Usage of the Config Browser in a production environment can lead to exposing vulnerable information of the application.

Solution

Please read our Security guideline and restrict access to the Config Browser, or do not use it in a production environment!
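
A build-time check for the recommendation above, as an added example that is not part of the original bulletin or of Struts itself: it classifies a WAR as not shipping the Config Browser plugin, shipping it behind a `web.xml` security constraint, or shipping it exposed. The jar name `struts2-config-browser-plugin-<version>.jar` and the `/config-browser` namespace are assumptions about the plugin's default packaging, and `audit_war`, `namespace_is_restricted` and `build_war` are hypothetical helper names.

```python
import io
import re
import xml.etree.ElementTree as ET
import zipfile

# Assumptions, not taken from the bulletin: the plugin is packaged as
# struts2-config-browser-plugin-<version>.jar and answers under /config-browser.
PLUGIN_JAR = re.compile(r"^WEB-INF/lib/struts2-config-browser-plugin-[^/]*\.jar$")
COVERING_PATTERNS = {"/config-browser/*", "/*"}


def _local(tag):
    """Drop an XML namespace prefix such as '{http://...}web-app'."""
    return tag.rsplit("}", 1)[-1]


def namespace_is_restricted(web_xml):
    """True if a security-constraint with an auth-constraint covers the plugin URLs."""
    for node in ET.fromstring(web_xml).iter():
        if _local(node.tag) != "security-constraint":
            continue
        tags = [_local(e.tag) for e in node.iter()]
        patterns = {e.text.strip() for e in node.iter()
                    if _local(e.tag) == "url-pattern" and e.text}
        # A constraint limited to listed HTTP methods leaves the others open.
        all_methods = "http-method" not in tags and "http-method-omission" not in tags
        if patterns & COVERING_PATTERNS and "auth-constraint" in tags and all_methods:
            return True
    return False


def audit_war(war_bytes):
    """Classify a WAR as 'absent', 'restricted' or 'exposed'."""
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as war:
        names = war.namelist()
        if not any(PLUGIN_JAR.match(n) for n in names):
            return "absent"
        if "WEB-INF/web.xml" in names and namespace_is_restricted(war.read("WEB-INF/web.xml")):
            return "restricted"
    return "exposed"


def build_war(entries):
    """Build a constructed in-memory WAR from {path: bytes} for the demo below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as war:
        for path, data in entries.items():
            war.writestr(path, data)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample: plugin jar present (placeholder version), no web.xml.
    sample = build_war({"WEB-INF/lib/struts2-config-browser-plugin-0.0.0.jar": b""})
    print(audit_war(sample))  # exposed
```

A result of `exposed` is the case the bulletin warns about and is a reasonable condition for failing a production build.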

Backward compatibility

No backward incompatibility issues are expected.